dovecot-2.2: stats: Workaround opening /proc/self/io in processe...
dovecot at dovecot.org
dovecot at dovecot.org
Sun Dec 8 23:26:53 EET 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/7acfc7b1b8f4
changeset: 17051:7acfc7b1b8f4
user: Timo Sirainen <tss at iki.fi>
date: Sun Dec 08 23:26:40 2013 +0200
description:
stats: Workaround opening /proc/self/io in processes that have only temporarily dropped root privileges.
diffstat:
src/plugins/stats/stats-plugin.c | 35 ++++++++++++++++++++++++++---------
1 files changed, 26 insertions(+), 9 deletions(-)
diffs (46 lines):
diff -r 78b34eb7c6c5 -r 7acfc7b1b8f4 src/plugins/stats/stats-plugin.c
--- a/src/plugins/stats/stats-plugin.c Sun Dec 08 23:04:18 2013 +0200
+++ b/src/plugins/stats/stats-plugin.c Sun Dec 08 23:26:40 2013 +0200
@@ -119,16 +119,33 @@
static int process_io_open(void)
{
+ uid_t uid;
+
+ if (proc_io_fd != -1)
+ return proc_io_fd;
+
+ if (proc_io_disabled)
+ return -1;
+ proc_io_fd = open(PROC_IO_PATH, O_RDONLY);
+ if (proc_io_fd == -1 && errno == EACCES) {
+ /* kludge: if we're running with permissions temporarily
+ dropped, get them temporarily back so we can open
+ /proc/self/io. */
+ uid = geteuid();
+ if (seteuid(0) == 0) {
+ proc_io_fd = open(PROC_IO_PATH, O_RDONLY);
+ if (seteuid(uid) < 0) {
+ /* oops, this is bad */
+ i_fatal("stats: seteuid(%s) failed", dec2str(uid));
+ }
+ }
+ errno = EACCES;
+ }
if (proc_io_fd == -1) {
- if (proc_io_disabled)
- return -1;
- proc_io_fd = open(PROC_IO_PATH, O_RDONLY);
- if (proc_io_fd == -1) {
- if (errno != ENOENT)
- i_error("open(%s) failed: %m", PROC_IO_PATH);
- proc_io_disabled = TRUE;
- return -1;
- }
+ if (errno != ENOENT)
+ i_error("open(%s) failed: %m", PROC_IO_PATH);
+ proc_io_disabled = TRUE;
+ return -1;
}
return proc_io_fd;
}
More information about the dovecot-cvs
mailing list